package sg.edu.nus.iss.cats.filters;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

import sg.edu.nus.iss.cats.controller.*;
import sg.edu.nus.iss.cats.model.*;
import sg.edu.nus.iss.cats.exception.*;


/**
 * Implementation of <code>javax.servlet.Filter</code> used to check access rights
 *
 * @version $Revision: 1.0
 */
public class AdminAccessFilter implements Filter {

    /**
     * The filter configuration object we are associated with.  If this value
     * is null, this filter instance is not currently configured.
     */
    private FilterConfig config = null;
    private String       errorPage = null;

     /**
     * Place this filter into service.
     *
     * @param filterConfig The filter configuration object
     */

    public void init(FilterConfig filterConfig) {
        this.config = filterConfig;
		ServletContext ctx = config.getServletContext();
        this.errorPage = ctx.getInitParameter("errorPage");
    }

    /**
    * Take this filter out of service.
    */
    public void destroy() {
        this.config = null;

    }

    /**
     * The <code>doFilter</code> method of the Filter is called by the container
     * each time a request/response pair is passed through the chain due
     * to a client request for a resource at the end of the chain.
     * The FilterChain passed into this method allows the Filter to pass on the
     * request and response to the next entity in the chain.<p>
     * This method first checks if there is a valid user session <br>
     * It also checks if the access rights provided for the user allows access to the resource<br>
     **/
    public void doFilter ( ServletRequest request, ServletResponse response,
                        FilterChain chain ) throws IOException, ServletException {

        System.out.println("AdminAccessFilter: doFilter");
        try{

            HttpSession session = ((HttpServletRequest)request).getSession(false);
            UserSession userSession = (UserSession) session.getAttribute("USERSESSION");
            User user = userSession.getUser();
            if (!user.hasRole("admin")) {
				throw new NoAccessException();
			}
            System.out.println("AdminAccessFilter: check successful");

            chain.doFilter( request, response );

        } catch (NoAccessException e)  {
            System.out.println("AdminAccessFilter: No access");
            request.setAttribute ("CATS_ERROR_PAGE_TITLE", "title.noAccess");
            request.setAttribute ("CATS_ERROR_PAGE_MESSAGE", "error.noAccess");
            RequestDispatcher rd = config.getServletContext().getRequestDispatcher(errorPage);
            rd.forward(request, response);
            return;

        } catch (Exception e) {
            System.out.println("AdminAccessFilter: Exception: " + e);
            RequestDispatcher rd = config.getServletContext().getRequestDispatcher(errorPage);
            rd.forward(request, response);
            return;
        }
	}

}

